Merge remote-tracking branch 'origin/feature/REQ-1502' into feature/REQ-1502

# Conflicts:
#	tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java

integration-test/src/test/resources/role-user.http

@@ -21,4 +21,16 @@ Content-Type: application/json
 > reponse-check.js
 
 
+###
+POST {{host}}/api/saas-role-user/delete-user-role-of-workspace
+Accept: application/json
+Content-Type: application/json
+
+{
+
+}
+
+> reponse-check.js
+
+
 

tyr-api/src/main/java/cn/axzo/tyr/client/feign/PermissionPointApplyApi.java

@@ -30,9 +30,6 @@ public interface PermissionPointApplyApi {
     @PostMapping(value = "/api/v1/permissionPoint/apply/submit")
     ApiResult<Long> submitApply(@RequestBody@Valid SubmitPermissionPointApplyVO apply);
 
-    @PostMapping(value = "/api/v1/permissionPoint/apply/update-detail")
-    ApiResult<Void> updateDetail(@RequestBody@Valid UpdatePermissionPointApplyVO updateDetail);
-
     @PostMapping(value = "/api/v1/permissionPoint/apply/bind")
     ApiResult<Void> bindWorkflowInstantce(@RequestBody@Valid BindWorkflowInstantceVO bind);
 

tyr-api/src/main/java/cn/axzo/tyr/client/feign/ProductApi.java

@@ -21,6 +21,8 @@ import org.springframework.web.bind.annotation.RequestParam;
 
 import javax.validation.constraints.NotNull;
 import java.util.List;
+import java.util.Map;
+import java.util.Set;
 
 /**
  * 产品相关 API
@@ -102,4 +104,12 @@ public interface ProductApi {
      */
     @PostMapping("api/auth/product/feature/relation/update")
     ApiResult<Boolean> updateFeatureRelation(@Validated @RequestBody List<ProductFeatureRelationUpdateReq> req);
+
+    /**
+     * 查询指定工作台关联的服务包下的产品权限点
+     *
+     * @param workspaceIds
+     * @return
+     */
+    ApiResult<Map<Long, List<ProductFeatureRelationVO>>> queryProductFeatureRelationByWorkspace(Set<Long> workspaceIds);
 }

tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleUserApi.java

@@ -1,18 +1,16 @@
 package cn.axzo.tyr.client.feign;
 
 import cn.axzo.framework.domain.web.result.ApiResult;
+import cn.axzo.tyr.client.model.roleuser.dto.CreateAdminRoleDTO;
 import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserRelationDTO;
-import cn.axzo.tyr.client.model.roleuser.req.DeleteRoleUserParam;
-import cn.axzo.tyr.client.model.roleuser.req.DeleteUserRoleParam;
-import cn.axzo.tyr.client.model.roleuser.req.RoleUserParam;
-import cn.axzo.tyr.client.model.roleuser.req.RoleUserReq;
-import cn.azxo.framework.common.model.CommonResponse;
+import cn.axzo.tyr.client.model.roleuser.dto.SuperAdminInfoDTO;
+import cn.axzo.tyr.client.model.roleuser.req.*;
 import org.springframework.cloud.openfeign.FeignClient;
-import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 
 import javax.validation.Valid;
+import javax.validation.constraints.NotEmpty;
 import java.util.List;
 
 /**
@@ -41,15 +39,42 @@ public interface TyrSaasRoleUserApi {
      * @param param
      * @return
      */
-    @PostMapping("api/saas-role-user/delete")
+    @PostMapping("/api/saas-role-user/delete")
     ApiResult<Boolean> deleteUserAllRoles(@RequestBody @Valid List<DeleteRoleUserParam> param);
 
     /**
-     * 新的 移除某个人在某个工作台的所有角色(除超管)
+     * 删除某个用户非超管角色(新)
      *
      * @param param
      * @return
      */
-    @PostMapping("api/saas-role-user/delete-user-role")
+    @PostMapping("/api/saas-role-user/delete-user-role")
     ApiResult<Boolean> deleteUserRoles(@RequestBody @Valid DeleteUserRoleParam param);
+
+    /**
+     *
+     * @param param
+     * @return
+     */
+    @PostMapping("/api/saas-role-user/create-agency-admin-role")
+    ApiResult<CreateAdminRoleDTO> createAgencyAdminRole(@RequestBody @Valid CreateAgencyAdminRoleParam param);
+
+    @PostMapping("/api/saas-role-user/create-super-admin-role")
+    ApiResult<Void> createSuperAdminRole(@RequestBody @Valid @NotEmpty CreateSuperAdminRoleParam param);
+
+    /**
+     * 移除超管角色
+     * @param params
+     * @return
+     */
+    @PostMapping("/api/saas-role-user/delete-admin-role")
+    ApiResult<Boolean> deleteAdminRole(@RequestBody @Valid @NotEmpty List<DeleteAdminRoleParam> params);
+
+    /**
+     * 批量查询超管, 只能批量获取单个工作台台下的超管，业务系统需要根据返回的identityId和identityType查询identityProfile查询用户明细信息
+     * @param param
+     * @return
+     */
+    @PostMapping("/api/saas-role-user/super-admin-list")
+    ApiResult<List<SuperAdminInfoDTO>> superAdminList(@RequestBody @Valid SuperAdminParam param);
 }

tyr-api/src/main/java/cn/axzo/tyr/client/model/product/ProductSearchPageReq.java

@@ -2,11 +2,8 @@ package cn.axzo.tyr.client.model.product;
 
 
 import cn.axzo.core.domain.PageRequest;
-import lombok.AllArgsConstructor;
-import lombok.Builder;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
-import lombok.NoArgsConstructor;
 import lombok.experimental.Accessors;
 
 /**

tyr-api/src/main/java/cn/axzo/tyr/client/model/req/IdentityAuthReq.java

@@ -50,7 +50,7 @@ public class IdentityAuthReq {
     /**
      * {@link TerminalInfo#NT()}
      */
-    private String terminal;
+    private List<String> terminal;
     @Builder.Default
     private Set<Long> featureId = new HashSet<>();
     @Builder.Default

tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/dto/CreateAdminRoleDTO.java

@@ -0,0 +1,47 @@
+package cn.axzo.tyr.client.model.roleuser.dto;
+
+import cn.axzo.tyr.client.model.enums.IdentityType;
+import lombok.Data;
+
+/**
+ * @author : liuchuntao
+ * @date : 2022/5/11 11:20
+ * @description :
+ */
+@Data
+public class CreateAdminRoleDTO {
+
+	/**
+	 * 身份Id
+	 */
+	private Long identityId;
+
+	/**
+	 * 身份类型
+	 */
+	private IdentityType identityType;
+
+	/**
+	 * 账户Id
+	 *
+	 * @deprecated 此字段业务中不要使用，全部用身份id来处理业务
+	 */
+	@Deprecated
+	private Long accountId;
+
+	/**
+	 * 手机号
+	 */
+	private String phone;
+
+	/**
+	 * 真实姓名
+	 */
+	private String realName;
+
+	/**
+	 * 自然人Id
+	 */
+	private Long naturalPersonId;
+
+}

tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/dto/SuperAdminInfoDTO.java

@@ -0,0 +1,29 @@
+package cn.axzo.tyr.client.model.roleuser.dto;
+
+import lombok.Data;
+
+/**
+ * @author : liuchuntao
+ * @date : 2022/6/17 16:20
+ * @description : 超管信息
+ */
+@Data
+public class SuperAdminInfoDTO {
+
+  /**
+   * 身份ID
+   */
+  private Long identityId;
+  
+  private Integer identityType;
+  /**
+   * 工作台Id
+   */
+  private Long workspaceId;
+
+  /**
+   * 单位Id
+   */
+  private Long ouId;
+
+}

tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/CreateAgencyAdminRoleParam.java

@@ -0,0 +1,65 @@
+package cn.axzo.tyr.client.model.roleuser.req;
+
+import java.util.List;
+
+import javax.validation.constraints.Min;
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+
+import cn.axzo.tyr.client.model.enums.IdentityType;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Builder
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+public class CreateAgencyAdminRoleParam {
+
+	/**
+	 * 工作台id，与context校验
+	 */
+	@NotNull(message = "工作台Id不能为空")
+	private Long workspaceId;
+
+	/**
+	 * 单位id : 必填
+	 */
+	@NotNull(message = "单位Id不能为空")
+	private Long ouId;
+
+	/**
+	 * 单位类型
+	 */
+	@NotNull(message = "单位类型不能为空")
+	@Min(value = 1)
+	private Integer organizationalUnitType;
+
+	/**
+	 * 被赋予角色的人的身份类型
+	 */
+	@NotNull(message = "身份类型不能为空")
+	private IdentityType identityType;
+
+	/**
+	 * 手机号
+	 */
+	@NotBlank(message = "手机号不能为空")
+	private String phoneNo;
+
+	/**
+	 * 用户名
+	 */
+	@NotBlank(message = "用户名不能为空")
+	private String userName;
+
+	/**
+	 * 之前的所有RoleId都被更新
+	 */
+	@NotEmpty(message = "角色列表不能为空")
+	private List<Long> updateRoleIds;
+
+}

tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/CreateSuperAdminRoleParam.java

@@ -0,0 +1,62 @@
+package cn.axzo.tyr.client.model.roleuser.req;
+
+import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
+import cn.axzo.tyr.client.model.enums.IdentityType;
+import lombok.Data;
+
+import javax.validation.constraints.NotNull;
+
+@Data
+public class CreateSuperAdminRoleParam {
+
+	/**
+	 * 工作台id，与context校验
+	 */
+	@NotNull(message = "workspaceId不能为空")
+	private Long workspaceId;
+
+	/**
+	 * 单位id
+	 */
+	@NotNull(message = "ouId不能为空")
+	private Long ouId;
+
+	/**
+	 * 适用单位类型 1:总包 2:建设单位 4:监理单位 8:劳务分包 16:专业分包 0都可以用 只会挂在最末级
+	 * <p>
+	 * 业务层，这个字段不要直接用。有变种的getter、setter，或者直接用解释工具。
+	 */
+	private Long fitOuTypeBit;
+
+	/**
+	 *
+	 * 适用节点类型 1:部门 2:班组 4:小组 只会挂在最末级
+	 *
+	 * 业务层，这个字段不要直接用
+	 */
+	private Long fitOuNodeTypeBit;
+
+	/**
+	 * 角色Id，必填
+	 * 只能传SUPER_ADMIN，ADMIN
+	 */
+	private RoleTypeEnum roleType;
+
+	/**
+	 * 身份id
+	 */
+	@NotNull(message = "identityId不能为空")
+	private Long identityId;
+
+	/**
+	 * 身份类型
+	 */
+	@NotNull(message = "identityType不能为空")
+	private IdentityType identityType;
+
+	@NotNull(message = "workspaceType不能为空")
+	private Integer workspaceType;
+
+	private Long naturalPersonId;
+
+}

tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/DeleteAdminRoleParam.java

@@ -0,0 +1,26 @@
+package cn.axzo.tyr.client.model.roleuser.req;
+
+import cn.axzo.tyr.client.model.enums.IdentityType;
+import lombok.Data;
+
+@Data
+public class DeleteAdminRoleParam {
+
+    /**
+     * 工作台id，与context校验
+     */
+    private Long workspaceId;
+    /**
+     * 单位id : 非必填
+     */
+    private Long ouId;
+    /**
+     * 被赋予角色的人的身份id
+     */
+    private Long identityId;
+
+    /**
+     * 身份类型，必填
+     */
+    private IdentityType identityType;
+}

tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/DeleteUserRolesOfWorkspaceParam.java

@@ -0,0 +1,30 @@
+package cn.axzo.tyr.client.model.roleuser.req;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import javax.validation.constraints.NotNull;
+
+/**
+ * @author haiyangjin
+ * @date 2023/10/17
+ */
+@Data
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+public class DeleteUserRolesOfWorkspaceParam {
+    /**
+     * 工作台id
+     */
+    @NotNull(message = "工作台ID不能为空")
+    private Long workspaceId;
+
+    /**
+     * 单位id
+     */
+    @NotNull(message = "单位ID不能为空")
+    private Long ouId;
+}

tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/SuperAdminParam.java

@@ -0,0 +1,35 @@
+package cn.axzo.tyr.client.model.roleuser.req;
+
+import java.util.List;
+
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+/**
+ * @author : liuchuntao
+ * @date : 2022/6/17 16:28
+ * @description : 查询超管信息
+ */
+@Data
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+public class SuperAdminParam {
+
+  /**
+   * 工作台Id
+   */
+  @NotNull(message = "工作台Id不能为空")
+  private Long workspaceId;
+
+  /**
+   * 单位Id
+   */
+  @NotEmpty(message = "单位Id不能为空")
+  private List<Long> ouIds;
+}

tyr-server/src/main/java/cn/axzo/tyr/server/controller/permission/PermissionPointApplyController.java

@@ -35,11 +35,6 @@ public class PermissionPointApplyController implements PermissionPointApplyApi {
         return ApiResult.ok(saasFeatureApplyService.saveApply(apply));
     }
 
-    @Override
-    public ApiResult<Void> updateDetail(UpdatePermissionPointApplyVO updateDetail) {
-        return null;
-    }
-
     @Override
     public ApiResult<Void> bindWorkflowInstantce(BindWorkflowInstantceVO bind) {
         saasFeatureApplyService.bindWorkflowInstantce(bind);

tyr-server/src/main/java/cn/axzo/tyr/server/controller/product/ProductController.java

@@ -20,6 +20,8 @@ import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RestController;
 
 import java.util.List;
+import java.util.Map;
+import java.util.Set;
 
 /**
  * 产品相关 API 实现
@@ -124,4 +126,10 @@ public class ProductController implements ProductApi {
         }
         return productFeatureRelationService.updateFeatureRelation(req);
     }
+
+
+    @Override
+    public ApiResult<Map<Long, List<ProductFeatureRelationVO>>> queryProductFeatureRelationByWorkspace(Set<Long> workspaceIds) {
+        return ApiResult.ok(productFeatureRelationService.getByWorkspace(workspaceIds));
+    }
 }

tyr-server/src/main/java/cn/axzo/tyr/server/controller/roleuser/RoleUserController.java

@@ -2,11 +2,10 @@ package cn.axzo.tyr.server.controller.roleuser;
 
 import cn.axzo.framework.domain.web.result.ApiResult;
 import cn.axzo.tyr.client.feign.TyrSaasRoleUserApi;
+import cn.axzo.tyr.client.model.roleuser.dto.CreateAdminRoleDTO;
 import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserRelationDTO;
-import cn.axzo.tyr.client.model.roleuser.req.DeleteRoleUserParam;
-import cn.axzo.tyr.client.model.roleuser.req.DeleteUserRoleParam;
-import cn.axzo.tyr.client.model.roleuser.req.RoleUserParam;
-import cn.axzo.tyr.client.model.roleuser.req.RoleUserReq;
+import cn.axzo.tyr.client.model.roleuser.dto.SuperAdminInfoDTO;
+import cn.axzo.tyr.client.model.roleuser.req.*;
 import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
 import cn.axzo.tyr.server.service.SaasRoleUserService;
 import lombok.RequiredArgsConstructor;
@@ -45,7 +44,7 @@ public class RoleUserController implements TyrSaasRoleUserApi {
     }
 
     /**
-     * 新的 移除某个人在某个工作台的所有角色(除超管)
+     * 删除用户非超管角色
      *
      * @param param
      * @return
@@ -55,4 +54,31 @@ public class RoleUserController implements TyrSaasRoleUserApi {
         return ApiResult.ok(saasRoleUserService.deleteUserRoles(param));
     }
 
+    @Override
+    public ApiResult<CreateAdminRoleDTO> createAgencyAdminRole(CreateAgencyAdminRoleParam param) {
+        // todo cn.axzo.basics.auth.api.SaasRoleApi#grantAgencyAdminRole
+        return ApiResult.ok(new CreateAdminRoleDTO());
+    }
+
+    @Override
+    public ApiResult<Void> createSuperAdminRole(CreateSuperAdminRoleParam param) {
+        saasRoleUserService.createSuperAdminRole(param);
+        return ApiResult.ok();
+    }
+
+    @Override
+    public ApiResult<Boolean> deleteAdminRole(List<DeleteAdminRoleParam> params) {
+        // todo cn.axzo.basics.auth.api.SaasRoleApi#ungrantAdminRole
+        return ApiResult.ok(true);
+    }
+
+    /**
+     * cn.axzo.basics.auth.api.SaasRoleApi#batchFindSuperAdmin
+     * @param param
+     * @return
+     */
+    @Override
+    public ApiResult<List<SuperAdminInfoDTO>> superAdminList(SuperAdminParam param) {
+        return ApiResult.ok(saasRoleUserService.superAdminList(param));
+    }
 }

tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleDao.java

@@ -2,10 +2,13 @@ package cn.axzo.tyr.server.repository.dao;
 
 import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum;
 import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
+import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
 import cn.axzo.tyr.client.model.enums.IdentityType;
 import cn.axzo.tyr.server.repository.entity.SaasRole;
 import cn.axzo.tyr.server.repository.entity.SaasRoleWithUser;
 import cn.axzo.tyr.server.repository.mapper.SaasRoleMapper;
+import cn.hutool.core.collection.CollUtil;
+import cn.hutool.core.collection.CollectionUtil;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import org.apache.commons.collections.CollectionUtils;
 import org.springframework.stereotype.Repository;
@@ -53,5 +56,30 @@ public class SaasRoleDao extends ServiceImpl<SaasRoleMapper, SaasRole> {
 		}
 		return this.getBaseMapper().listRoleUserByPermissionGroup(permissionGroupIdList, workspaceIds);
 	}
+
+	public SaasRole findRoleByTypeAndWorkspaceIdAndOuId(String roleType, Long workspaceId,
+														Long ouId) {
+		List<SaasRole> list = this.lambdaQuery()
+				.eq(SaasRole::getRoleType, roleType)
+				.eq(SaasRole::getWorkspaceId, workspaceId)
+				.eq(SaasRole::getOwnerOuId, ouId)
+				.eq(SaasRole::getIsDelete, TableIsDeleteEnum.NORMAL.value)
+				.list();
+		if(CollUtil.isEmpty(list)){
+			return null;
+		}
+        return list.get(0);
+	}
+
+	public List<SaasRole> listCommonRoleByNameAndWorkspaceIdAndOuId(String name, Long workspaceId,
+																	Long ouId) {
+		return lambdaQuery().eq(SaasRole::getName, name)
+				.eq(SaasRole::getWorkspaceId, workspaceId)
+				.eq(SaasRole::getOwnerOuId, ouId)
+				.eq(SaasRole::getRoleType, RoleTypeEnum.COMMON.getValue())
+				.eq(SaasRole::getIsDelete, TableIsDeleteEnum.NORMAL.value)
+				.select(SaasRole::getId)
+				.list();
+	}
 }
 

tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleUserService.java

@@ -1,10 +1,8 @@
 package cn.axzo.tyr.server.service;
 
 import cn.axzo.tyr.client.model.enums.IdentityType;
-import cn.axzo.tyr.client.model.roleuser.req.DeleteRoleUserParam;
-import cn.axzo.tyr.client.model.roleuser.req.DeleteUserRoleParam;
-import cn.axzo.tyr.client.model.roleuser.req.RoleUserParam;
-import cn.axzo.tyr.client.model.roleuser.req.RoleUserReq;
+import cn.axzo.tyr.client.model.roleuser.dto.SuperAdminInfoDTO;
+import cn.axzo.tyr.client.model.roleuser.req.*;
 import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
 
 import java.util.List;
@@ -44,7 +42,6 @@ public interface SaasRoleUserService {
      */
     boolean deleteUserRoles(DeleteUserRoleParam param);
 
-
     /**
      * <pre>
      *  查询人所在的工作台或者单位中的数据
@@ -60,4 +57,24 @@ public interface SaasRoleUserService {
      * @return
      */
     List<SaasRoleUserRelation> queryByWorkspaceIdOrOu(Long identityId, IdentityType identityType, Set<Long> workspaceIds, Set<Long> ouIds);
+
+    /**
+     * workpaceId + ownerOuId + roleId + 手机号 + 姓名 赋予角色（支持角色赋予的同时 角色创建）
+     * work for: 组织 + 服务包
+     */
+    void createSuperAdminRole(CreateSuperAdminRoleParam param);
+
+    /**
+     * 批量获取超管信息
+     * @param param
+     * @return
+     */
+    List<SuperAdminInfoDTO> superAdminList(SuperAdminParam param);
+
+    /**
+     * 移除管理员
+     * @param params
+     * @return
+     */
+    boolean deleteAdminRole(List<DeleteAdminRoleParam> params);
 }

tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java

@@ -172,7 +172,8 @@ public class RoleServiceImpl implements RoleService {
 		}
 		// 根据工作台类型和单位类型查询角色分组
 		List<SaasRoleGroup> roleGroup = new ArrayList<>();
-		if (CollectionUtils.isNotEmpty(req.getWorkspaceTypeCode()) || CollectionUtils.isNotEmpty(req.getOuTypeCode())) {
+		// 如果传入了角色id就以传入的角色id为准
+		if (CollectionUtils.isEmpty(req.getIds()) && (CollectionUtils.isNotEmpty(req.getWorkspaceTypeCode()) || CollectionUtils.isNotEmpty(req.getOuTypeCode()))) {
 			roleGroup = saasRoleGroupDao.query(QuerySaasRoleGroupReq.builder()
 				.ids(req.getSassRoleGroupIds())
 				.workspaceTypeCode(req.getWorkspaceTypeCode())
@@ -197,8 +198,8 @@ public class RoleServiceImpl implements RoleService {
 				.in(CollectionUtils.isNotEmpty(req.getIds()), BaseEntity::getId, req.getIds())
 				.in(CollectionUtils.isNotEmpty(groupRelation), BaseEntity::getId, groupRelation.stream().map(SaasRoleGroupRelation::getRoleId).collect(Collectors.toList()))
 				.in(CollectionUtils.isNotEmpty(req.getRoleType()), SaasRole::getRoleType, req.getRoleType())
-				.in(CollectionUtils.isNotEmpty(req.getWorkspaceId()),SaasRole::getWorkspaceId,req.getWorkspaceId())
-				.in(CollectionUtils.isNotEmpty(req.getOuId()),SaasRole::getOwnerOuId,req.getOuId())
+				.in(CollectionUtils.isEmpty(req.getIds()) && CollectionUtils.isNotEmpty(req.getWorkspaceId()),SaasRole::getWorkspaceId,req.getWorkspaceId())
+				.in(CollectionUtils.isEmpty(req.getIds()) && CollectionUtils.isNotEmpty(req.getOuId()),SaasRole::getOwnerOuId,req.getOuId())
 				.orderByDesc(BaseEntity::getId)
 				.list();
 		return getByIds(list.stream().map(BaseEntity::getId).collect(Collectors.toList()), req.getIsCommon(),req.getWorkspaceId(),req.getOuId(),req.getIncludePermissionGroup());

tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java

@@ -1,13 +1,14 @@
 package cn.axzo.tyr.server.service.impl;
 
+import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum;
 import cn.axzo.basics.common.exception.ServiceException;
+import cn.axzo.basics.common.util.AssertUtil;
 import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
 import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
 import cn.axzo.tyr.client.model.BaseWorkspaceModel;
 import cn.axzo.tyr.client.model.enums.IdentityType;
-import cn.axzo.tyr.client.model.roleuser.req.DeleteRoleUserParam;
-import cn.axzo.tyr.client.model.roleuser.req.DeleteUserRoleParam;
-import cn.axzo.tyr.client.model.roleuser.req.RoleUserReq;
+import cn.axzo.tyr.client.model.roleuser.dto.SuperAdminInfoDTO;
+import cn.axzo.tyr.client.model.roleuser.req.*;
 import cn.axzo.tyr.server.repository.dao.SaasRoleDao;
 import cn.axzo.tyr.server.repository.dao.SaasRoleUserRelationDao;
 import cn.axzo.tyr.server.repository.entity.SaasRole;
@@ -16,11 +17,13 @@ import cn.axzo.tyr.server.service.SaasRoleUserService;
 import cn.hutool.core.collection.CollectionUtil;
 import com.alibaba.nacos.common.utils.CollectionUtils;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
+import com.google.common.collect.Lists;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
+import java.util.Collections;
 import java.util.List;
 import java.util.Objects;
 import java.util.Set;
@@ -120,6 +123,7 @@ public class RoleUserService implements SaasRoleUserService {
 	}
 
 	@Override
+	@Transactional(rollbackFor = Exception.class)
 	public boolean deleteUserRoles(DeleteUserRoleParam param) {
 		List<SaasRole> roleList = saasRoleDao.lambdaQuery()
 				.eq(Objects.nonNull(param.getOuId()), SaasRole::getOwnerOuId, param.getOuId())
@@ -142,4 +146,73 @@ public class RoleUserService implements SaasRoleUserService {
 	public List<SaasRoleUserRelation> queryByWorkspaceIdOrOu(Long identityId, IdentityType identityType, Set<Long> workspaceIds, Set<Long> ouIds) {
 		return roleUserRelationDao.queryByWorkspaceIdOrOu(identityId, identityType, workspaceIds, ouIds);
 	}
+
+	@Override
+	@Transactional(rollbackFor = Exception.class)
+	public void createSuperAdminRole(CreateSuperAdminRoleParam param) {
+		//获取超管角色
+		SaasRole saasRole = saasRoleDao
+				.findRoleByTypeAndWorkspaceIdAndOuId(RoleTypeEnum.SUPER_ADMIN.getValue(),
+						param.getWorkspaceId(), param.getOuId());
+		if (saasRole == null) {
+			saasRole = new SaasRole();
+			saasRole.setDescription(RoleTypeEnum.SUPER_ADMIN.getDesc());
+			saasRole.setName(RoleTypeEnum.SUPER_ADMIN.getDesc());
+			saasRole.setWorkspaceId(param.getWorkspaceId());
+			saasRole.setWorkspaceType(param.getWorkspaceType());
+			saasRole.setOwnerOuId(param.getOuId());
+			saasRole.setRoleType(RoleTypeEnum.SUPER_ADMIN.getValue());
+			saasRole.setIsDelete(0L);
+
+			checkRoleName(RoleTypeEnum.SUPER_ADMIN.getDesc(), param.getWorkspaceId(), param.getOuId());
+			saasRoleDao.save(saasRole);
+		}
+		//删除当前超管角色
+		roleUserRelationDao.deleteByRoldId(Lists.newArrayList(saasRole.getId()));
+
+		//新增关联关系
+		SaasRoleUserRelation saasRoleUserRelation = new SaasRoleUserRelation();
+		saasRoleUserRelation.setIdentityId(param.getIdentityId());
+		saasRoleUserRelation.setRoleId(saasRole.getId());
+		saasRoleUserRelation.setIdentityType(param.getIdentityType().getCode());
+		saasRoleUserRelation.setNaturalPersonId(param.getNaturalPersonId());
+		saasRoleUserRelation.setOuId(param.getOuId());
+		saasRoleUserRelation.setWorkspaceId(param.getWorkspaceId());
+		roleUserRelationDao.save(saasRoleUserRelation);
+	}
+
+	private void checkRoleName(String name, Long workspaceId, Long ouId) {
+		List<SaasRole> saasRoles = saasRoleDao.listCommonRoleByNameAndWorkspaceIdAndOuId(name,
+				workspaceId, ouId);
+		AssertUtil.isEmpty(saasRoles, "已存在相同的角色名称，请更换角色名称");
+	}
+
+	@Override
+	public List<SuperAdminInfoDTO> superAdminList(SuperAdminParam param) {
+		if (param.getWorkspaceId() == null || CollectionUtil.isEmpty(param.getOuIds())) {
+			return Collections.emptyList();
+		}
+		List<SaasRoleUserRelation> relations = roleUserRelationDao.lambdaQuery()
+				.in(SaasRoleUserRelation::getWorkspaceId, param.getWorkspaceId())
+				.in(SaasRoleUserRelation::getOuId, param.getOuIds())
+				.eq(SaasRoleUserRelation::getIsDelete, TableIsDeleteEnum.NORMAL.value).list();
+		if (CollectionUtils.isEmpty(relations)) {
+			return Collections.emptyList();
+		}
+		return relations.stream().map(r -> {
+			SuperAdminInfoDTO superAdminInfo = new SuperAdminInfoDTO();
+			superAdminInfo.setWorkspaceId(r.getWorkspaceId());
+			superAdminInfo.setOuId(r.getOuId());
+			superAdminInfo.setIdentityId(r.getIdentityId());
+			superAdminInfo.setIdentityType(r.getIdentityType());
+			return superAdminInfo;
+		}).collect(Collectors.toList());
+	}
+
+	@Override
+	@Transactional(rollbackFor = Exception.class)
+	public boolean deleteAdminRole(List<DeleteAdminRoleParam> params) {
+
+		return false;
+	}
 }

tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasFeatureApplyDetailServiceImpl.java

@@ -89,9 +89,9 @@ public class SaasFeatureApplyDetailServiceImpl implements SaasFeatureApplyDetail
     @Transactional(rollbackFor = Exception.class)
     public void updateApplyDetail(PermissionPointApplyDetailUpdateReq req) {
         SaasFeatureApplyDetail detail = BeanMapper.copyBean(req, SaasFeatureApplyDetail.class, (p, s) -> {
-            s.setFitOuTypeBit(p.getFitOuTypeList() == null ? "" : JSON.toJSONString(p.getFitOuTypeList()));
+            s.setFitOuTypeBit(p.getFitOuTypeList() == null ? "[65535]" : JSON.toJSONString(p.getFitOuTypeList()));
             s.setFitOuNodeTypeBit(
-                    p.getFitOuNodeTypeList() == null ? "" : JSON.toJSONString(p.getFitOuNodeTypeList()));
+                    p.getFitOuNodeTypeList() == null ? "[65535]" : JSON.toJSONString(p.getFitOuNodeTypeList()));
         });
         this.saveOrUpdate(Lists.newArrayList(detail));
     }

tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasFeatureApplyServiceImpl.java

@@ -5,6 +5,7 @@ import java.util.function.Function;
 import java.util.stream.Collectors;
 
 import cn.axzo.tyr.client.model.enums.FeatureDataType;
+import com.google.common.collect.Lists;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.collections4.MapUtils;
 import org.apache.commons.lang3.BooleanUtils;
@@ -423,9 +424,9 @@ public class SaasFeatureApplyServiceImpl implements SaasFeatureApplyService {
             detail.setSort(point.getSort());
             detail.setTerminal(point.getTerminal());
             detail.setFeatureType(point.getFeatureType());
-            detail.setFitOuTypeBit(point.getFitOuTypeList() == null ? "" : JSON.toJSONString(point.getFitOuTypeList()));
+            detail.setFitOuTypeBit(point.getFitOuTypeList() == null ? "[65535]" : JSON.toJSONString(point.getFitOuTypeList()));
             detail.setFitOuNodeTypeBit(
-                point.getFitOuNodeTypeList() == null ? "" : JSON.toJSONString(point.getFitOuNodeTypeList()));
+                point.getFitOuNodeTypeList() == null ? "[65535]" : JSON.toJSONString(point.getFitOuNodeTypeList()));
             detail.setDelegatedType(point.getDelegatedType());
             detail.setCreateBy(createBy);
             detail.setCreateAt(now);

tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java

@@ -424,7 +424,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
                             //通过子级查询父级并打平树型结构
                             List<PermissionPointTreeNode> allPermissionPoint = permissionPointService.listTreeNodesFlatChild(PermissionPointTreeQueryReq.builder()
                                     .ids(buttonPermissionPointId)
-                                    .terminalList(StrUtil.isNotBlank(identityAuthReq.getTerminal()) ? Collections.singletonList(identityAuthReq.getTerminal()) : new ArrayList<>())
+                                    .terminalList(identityAuthReq.getTerminal())
                                     .build());
 
                             workspacePermission.getPermissionPoint().addAll(allPermissionPoint.stream()
@@ -461,7 +461,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
                         //通过子级查询父级并平铺菜单
                         List<PermissionPointTreeNode> allPermissionPoint = permissionPointService.listTreeNodesFlatChild(PermissionPointTreeQueryReq.builder()
                                 .ids(new HashSet<>(resultHashAuthPointId))
-                                .terminalList(StrUtil.isNotBlank(identityAuthReq.getTerminal()) ? Collections.singletonList(identityAuthReq.getTerminal()) : new ArrayList<>())
+                                .terminalList(identityAuthReq.getTerminal())
                                 .build());
 
                         workspacePermission.getPermissionPoint().addAll(allPermissionPoint.stream()